Monday, April 22, 2013

I have developed an app in app in office 365 site and every thing went well for app in office 365 site. I have developed same app for share point 2013, using visual studio office development tools. Before deploying app in share point server, we need to check the following list of things in share point server,

Create an App Domain-- Done

Run Shared Service Instances-- Done

Check App Service and SharePoint Subscription services are running in the server-- Done

Add App Domain to the List of Intranet Sites in Internet Options-- Done

Deployed the app in share point site, while accessing the app through share point site, it is prompting for credentials. I have tried many times with different credentials, Redeployed app to share point site and restarted my machine, No luck.. :(I have googled for the same issue and in Microsoft forums i got some clue on the issue. The issue here is we need set the value for DisableLoopbackCheck registry key.What is Loop Back CheckFrom Server 2003 SP1, There is feature called Loop back check related to security. It will makes server can't call by itself through the host name, that share point does. So that share point will prompts us to enter credentials.i have followed following steps to fix this error,Go to Registry Editor (Run-->regedit)

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Right-click Lsa--> New--> DWORD Value.

Type DisableLoopbackCheck, and then press ENTER.

Right click on DisableLoopbackCheck--> Modify,

Change value form 0 to 1 and click on OK.

Quit Registry editor and restart computer.That's it. My issue got fixed and i am able to see my custom app. Hope this help you.

Thursday, March 28, 2013

An App in Share Point gets the permissions that it need while installing the app, from the user who installing app. App permissions are granted through the Appmanifest.xml file during development of an app. User who installing the app may grant all the permissions which he is having or may not grant the permissions. So permissions from the user to an app is all the permissions of the user or no permissions.Generally App contains the following information,

Display Name,

Client Id of the app

app domain.

Generally Windows Azure Access Control Service (ACS) will store all the basic information of app like display name, APP URL. When Share point User install the app, SharePoint 2013 gets the information from ACS and store it in App management service. Later on the Content DB service and user profile service gets the information from App management shared service.In Share point 2013 apps has their own identity called App Principle Unlike Users and groups in share point app principle has permissions and rights. The App principle requests the share point to host the apps web, because it is having full permissions.Permissions Scopes:In SharePoint we have different permission scopes, like Site, Web site, List, Library and Tenancy Here site indicates site level, web sites indicates web site level and list/library indicates the list/library level scope. All the permissions will apply to the child scope like if scope is site, the permissions will be inherit to the entire site level. Permissions will apply all the children in that site. Permission Rights:SharePoint 2013 apps will support four kinds of permissions levels. Read, Write, Manage, Full Control. All these permissions will same as regular share point Reader, Contributor, Designer and Full control. Here to avoid confusion between rights they made right names as unique expect Full Control. Because full control permission level will not be customized.Read, Write, Manage, Full Control permissions are only permissions rights entire share point For search there is one permission called "Query right". For project server "Submit Right" and "elevate right" are available. For Taxonomy we are having only Read and Write permissions.Permissions that not aware of SharePoint 2013 are avoided. Suppose, a permission mentioned in the AppManifest file of app that is not recognized by share point 2013, app installed will return an error message. App installer don't have sufficient permissions to install app, in that case also an error message will be shown.We can supply the permission access for an app through AppManifest.xml file shown read access for list and write access for the web.

As discussed above all the share point sites and list have the four rights. In Some other cases like BCS and Project server, Search , Taxonomy permissions will be changed. App Permissions - When and How:App permissions will grated when an app is installed by website administrator, granted permissions explicitly and when an app got removed.App permissions will be stored in content database under App Id. Each Content database will register the app details. App got permissions or deleted, In content database also app permissions will be granted or deleted.App Authentication and Authorization:App authentication will process several ways. If the authentication call is not OAuth call, that should be allowed on the basis of share point principle associated to the app web. If it is OAuth call then, share point uses Windows Azure Access Control service (ACS).App authorization will have three policies, User-only policy, User-App policy, app-only policy depending on the authentication identity. User-only policy is used in share point 2010. Here authorization takes only user account.User-App policy authorization takes both user and app identity.App-only policy takes only app-identity. For example if there are four people (A,B,C,D) are working in a site. But A wants to App. In that case App-only permissions will apply to the user-A as elevated permissions. Remaining people will not be used the App.

Follow us in facebook

About Me

Having good experience in SharePoint 2007/2010 and .net applications. Currently, working on SharePoint 2013 and training people on SharePoint. Microsoft certified technology specialist, Microsoft Certified Professional developer in SharePoint 2010.